How to Install libmodsecurity + Nginx on Ubuntu 14.04

ModSecurity, originally written as a web
application firewall (WAF) for Apache servers, is the de facto standard for
open-source WAF solutions. Recent work on the project has shifted focus toward
providing a generic shared library that any web server can use to protect
HTTP(S) requests. These instructions touch on building and configuring
libmodsecurity for a DreamCompute instance running Ubuntu 14.04.

Building libmodsecurity

First, install the necessary packages and libraries used to build source
projects, as well as libraries used specifically by libmodsecurity:

These directives can be added inside the http block, or one or more server
or location blocks. Once this is added, reload Nginx. This rule can now be
tested by sending a regular request to Nginx and examining the output:

A 403 response means that Nginx has blocked the request based on processing the
request with libmodsecurity. From here, libmodsecurity can be customized using
the available directives for ModSecurity (see the
ModSecurity reference manual
for more information).

Final Notes

It should be noted that libmodsecurity is still in active development, so
certain functionality is subject to change. As with any actively developed
open source project, be sure to check the source code for the most recent
releases.